6 matches found
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00 through 5.2.0.12) does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00–5.2.0.12) has a session management flaw: it does not invalidate the user session after a browser closure, enabling an authenticated user to impersonate another user. The issue is classed under Insufficient Session Ex...
CVE-2024-45651
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...
CVE-2024-45651
IBM Sterling Connect:Direct Web Services versions 6.1.0, 6.2.0, and 6.3.0 expose a session-fixation issue: closing a browser does not invalidate the session, potentially allowing an authenticated user to impersonate another user. Remediation per IBM bulletin is to upgrade to fixed versions: 6.3.0...
CVE-2024-45651 IBM Sterling Connect:Direct Web Services session fixation
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system...
Security Bulletin: IBM Sterling Connect:Direct Web Services does not invalidate session after a browser closure (CVE-2024-45651)
Summary: IBM Sterling Connect:Direct Web Services does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details: CVEID: CVE-2024-45651. DESCRIPTION: IBM Sterling Connect:Direct Web Services does not...